Is Your Birthday Your Favorite Password?
With the recent news of Republican vice-presidential candidate Sarah Palin’s email account being hacked, it’s time for all of us to take a close look at the passwords we have chosen to secure our online personal information.
It starts rather innocuously. We set up a free email account with Yahoo and when prompted for a password, we struggle to think of something that we won’t later forget. The first thing that pops into your head is your date of birth, favorite color or your pet’s name. Now, just in case you do forget your password, you’ll be able to answer a password “challenge” question so that your password can be released to you. Typically, you can choose from a variety of questions, such as your mother’s maiden name, the name of the street you grew up on, what high school you went to, etc. Done! You happily begin using your Yahoo email account.
What about shopping online? Banking online? Private newsgroups? Other email providers such as Gmail, Hotmail? Before long, you could easily have 25-50 different sites that you access with a unique user ID and password. You are using different passwords for these accounts, aren’t you?
In the case of Palin, per Yahoo news, “The hacker guessed that Alaska’s governor had met her husband in high school, and knew Palin’s date of birth and home Zip code. Using those details, the hacker tricked Yahoo Inc.’s service into assigning a new password, ‘popcorn,’ for Palin’s e-mail account, according to a chronology of the crime published on the Web site where the hacking was first revealed.”
The first thing I suggest you do is change all of your easy-to-guess passwords to strong passwords.
From the Webopedia, the definition of a strong password is “A password that is difficult to detect by both humans and computer programs, effectively protecting data from unauthorized access. A strong password consists of at least six characters (and the more characters, the stronger the password) that are a combination of letters, numbers and symbols (@, #, $, %, etc.) if allowed. Passwords are typically case-sensitive, so a strong password contains letters in both uppercase and lowercase. Strong passwords also do not contain words that can be found in a dictionary or parts of the user’s own name.”
We have a strong password tool on our site for this purpose, which we encourage you to use.
Now, no one is going to remember a password like ‘HEQ2vAMvu5iI46,’ but it’s not likely to ever be hacked either. So use a local encrypted password storage tool (NEVER online) to record these, which might be as simple as a password-protected Excel spreadsheet, or use a program such as Password Safe or KeePass Password Safe (both are available for free).
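As an added example (not part of the original article, and not the site's own tool), this Python code checks a password against the Webopedia criteria quoted above and generates a random one with the standard `secrets` module. The word list, birthday and pet name are constructed sample data, and the function names are assumptions made for this illustration.

```python
import re
import secrets
import string

# Constructed stand-in for a real dictionary word list.
COMMON_WORDS = {"popcorn", "password", "dragon", "sunshine", "purple"}
ALPHABET = string.ascii_letters + string.digits


def squash(text):
    """Lowercase and drop punctuation so '03/14/1970' matches '03141970'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def weaknesses(password, personal_facts=(), words=COMMON_WORDS):
    """Return the reasons a password fails the quoted definition ([] = passes)."""
    problems = []
    if len(password) < 6:
        problems.append("shorter than six characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs both uppercase and lowercase letters")
    if not re.search(r"[0-9]", password):
        problems.append("needs a number")
    # Symbols are not required: the definition only asks for them "if allowed".
    flat = squash(password)
    if any(word in flat for word in words):
        problems.append("contains a dictionary word")
    for fact in personal_facts:  # name parts, pet names, dates, Zip codes
        token = squash(fact)
        if len(token) >= 3 and token in flat:
            problems.append(f"contains personal detail {fact!r}")
    return problems


def generate(length=14):
    """Draw characters from the OS CSPRNG until the result passes every check."""
    if length < 6:
        raise ValueError("length must be at least 6")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    facts = ["03/14/1970", "Rex"]  # constructed birthday and pet name
    for pw in ("popcorn", "03141970", "Rex2008!", "HEQ2vAMvu5iI46", generate()):
        print(pw, "->", weaknesses(pw, facts) or "passes")
```

A password like "Rex2008!" satisfies the length, case and number rules yet is still flagged, because it is built on a detail that anyone who knows you could guess.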